Read a lot of doco but can’t find any instruction on what to fill in for the Bind DN and Bind Password.
My domain is CMMS.FOUO, the Win server name is MSDC, and the Neth server name is Exchange.

By the way, do I need to create an LDAP service account or add a new role for the Win16 server?

My end state is to have SOGo authenticate with AD users, and possibly the XMPP/Jabber chat server service do the same (authenticate AD users).

After reading some posts, their instruction is:
Bind DN: cn=ldapservice,cn=Users,dc=cmms,dc=fouo
Bind Password: the password of AD user
but I have the error message “Authentication credentials for LDAP applications
LDAP connection error”

Yes, as I described in my original post, I created an account “ldapservice” in the User OU with a never-expiring password. However, the bind fails: "Authentication credentials for LDAP applications
LDAP connection error"
Does this user need some special privilege?

I tried with an account ldapservice like this:
cn=ldapservice,cn=Users,dc=cmms,dc=fouo
and
ldapservice@cmms.fouo

and with other accounts. I used the command kinit on Linux to confirm that the Windows account/password is correct.

Please help guys, I haven’t done anything funky with the server yet, this is what I did:
install the Netserver from .iso
join domain, install Email and SOGo
On Win16 server, I created a user sogo
On Neth, ran these commands:

You’re saying that you need to enable AC certificate services even if the LDAP connection is in clear text without STARTTLS?

You are absolutely right, it doesn’t make sense. I thought maybe the LDAP auth bind always does a cert check? Another thing is M$ Windows because I installed these AD cert services and did a reboot and after that everything worked. Maybe the solution is just the REBOOT of the Win Server after joining?

I used the ldap://ipaddress instead of FQDN, although the server can resolve the name, somehow Neth couldn’t.
Don’t think the Cert Authority role has anything to do with it; I did install it, tested the connection, removed the Role, and things still work.

Now that it works, I am a bit curious how LDAP works. Where does the authentication happen? Does Nethserver forward the credential to AD to be checked, or does the LDAP service on Nethserver have a replication of directory credentials?
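
An added example, not part of the original posts and not NethServer's code: the generic LDAP simple bind from RFC 4511, showing that the client sends the bind name and password to the directory server, unencrypted on plain ldap:// without STARTTLS, and reads back a result code. The DN is the one quoted in the thread; the password and the server reply are constructed sample values.

```python
# Added illustration, not code from the thread or from NethServer.
# LDAP simple bind (RFC 4511): what a client sends and how the reply is read.

def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value, definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def bind_request(msg_id: int, name: str, password: str) -> bytes:
    """LDAPMessage{messageID, BindRequest{version 3, name, simple password}}."""
    if not 0 < msg_id < 0x80:
        raise ValueError("sketch handles one-byte message IDs only")
    op = (tlv(0x02, b"\x03")                 # version INTEGER 3
          + tlv(0x04, name.encode())         # name: value of the Bind DN field
          + tlv(0x80, password.encode()))    # simple [0]: password, unencrypted
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                             # long-form length
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

RESULT_CODES = {0: "success", 49: "invalidCredentials"}

def bind_result(msg: bytes) -> str:
    """Extract resultCode from an LDAPMessage carrying a BindResponse."""
    _, body, _ = read_tlv(msg, 0)
    _, _, pos = read_tlv(body, 0)            # skip messageID
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x61:                          # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, _ = read_tlv(op, 0)             # resultCode ENUMERATED
    return RESULT_CODES.get(code[0], f"resultCode {code[0]}")

# Constructed sample values: DN from the thread, made-up password and reply.
REQ = bind_request(1, "cn=ldapservice,cn=Users,dc=cmms,dc=fouo", "Constructed-Pw1")
REPLY = bytes.fromhex("300c02010161070a013104000400")
```
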